ComboFix 11-05-09.03 - La Patate 10/05/2011 22:00:33.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6002.2.1252.33.1036.18.2045.1543 [GMT 2:00]
Lancé depuis: c:\users\La Patate\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\tdsskiller\tdsskiller.exe
c:\windows\system32\tmp.reg
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2011-04-10 au 2011-05-10 ))))))))))))))))))))))))))))))))))))
.
.
2011-05-10 20:09 . 2011-05-10 20:09 -------- d-----w- c:\users\La Patate\AppData\Local\temp
2011-05-10 20:09 . 2011-05-10 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-09 06:58 . 2011-05-09 06:58 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2011-05-09 06:33 . 2011-05-09 19:15 -------- d-----w- c:\program files\ZHPDiag
2011-05-06 12:16 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A921DC20-B70B-4494-8E9F-25227D281181}\mpengine.dll
2011-04-27 08:01 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 08:01 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 08:01 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-17 19:32 . 2011-04-17 19:34 -------- d-----w- C:\UsbFix
2011-04-14 08:54 . 2011-04-14 09:02 -------- d-----w- c:\users\La Patate\AppData\Roaming\XnView
2011-04-14 08:54 . 2011-04-14 08:54 -------- d-----w- c:\program files\XnView
2011-04-14 08:37 . 2011-04-14 08:42 -------- d-----w- c:\program files\JPEG Compression
2011-04-14 01:39 . 2011-04-14 01:39 103864 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-04-13 20:14 . 2011-04-13 20:14 -------- d-----w- c:\users\La Patate\AppData\Roaming\NAVIGON Fresh
2011-04-13 20:12 . 2011-04-13 20:12 -------- d-----w- c:\program files\NAVIGON
2011-04-13 07:08 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-18 10:23 . 2010-08-01 11:29 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-03 09:39 . 2010-06-22 13:57 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-29 13:29 . 2011-03-29 13:29 161792 ----a-w- c:\windows\system32\msls31.dll
2011-03-29 13:29 . 2011-03-29 13:29 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-03-29 13:29 . 2011-03-29 13:29 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-29 13:29 . 2011-03-29 13:29 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-29 13:29 . 2011-03-29 13:29 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-29 13:29 . 2011-03-29 13:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-29 13:29 . 2011-03-29 13:29 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-29 13:29 . 2011-03-29 13:29 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-29 13:29 . 2011-03-29 13:29 367104 ----a-w- c:\windows\system32\html.iec
2011-03-29 13:29 . 2011-03-29 13:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-29 13:29 . 2011-03-29 13:29 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-29 13:29 . 2011-03-29 13:29 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-29 13:29 . 2011-03-29 13:29 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-29 13:29 . 2011-03-29 13:29 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-29 13:29 . 2011-03-29 13:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-29 13:29 . 2011-03-29 13:29 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-29 13:29 . 2011-03-29 13:29 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-03-29 13:29 . 2011-03-29 13:29 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-03-29 13:29 . 2011-03-29 13:29 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-29 13:29 . 2011-03-29 13:29 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-29 13:29 . 2011-03-29 13:29 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-10 13:29 . 2011-03-10 13:29 0 ----a-w- c:\users\La Patate\errorlog.tmp
2011-03-03 15:40 . 2011-04-27 08:01 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 08:01 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 08:01 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 08:01 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-26 09:51 . 2011-02-26 09:53 737280 ----a-w- c:\windows\iun6002.exe
2011-02-22 14:13 . 2011-03-23 15:19 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 15:19 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 15:19 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-04-14 16:47 . 2011-05-05 15:11 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Steam"="c:\program files\Steam\Steam.exe" [2010-11-23 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-07 288872]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-04-21 339624]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-04-21 421032]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-02-04 15232]
R3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2011-01-24 310640]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;Prise en charge de l’impression WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-19 16896]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-07-12 64288]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-05-02 2146496]
.
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'
.
2011-05-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 15:14]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uInternet Settings,ProxyOverride = *.local
IE: &Envoyer à OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: Download with &Shareaza - c:\program files\Shareaza\RazaWebHook32.dll/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Envoyer au périphérique &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Envoyer l'&image au périphérique Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\users\La Patate\AppData\Roaming\Mozilla\Firefox\Profiles\lagw8qcw.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-05-10 22:09
Windows 6.0.6002 Service Pack 2 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2011-05-10 22:11:58
ComboFix-quarantined-files.txt 2011-05-10 20:11
.
Avant-CF: 59 143 430 144 octets libres
Après-CF: 59 054 419 968 octets libres
.
- - End Of File - - 339B1408081DBFD7CC5901943A2A0054